You are browsing upcoming documentation for version 6.0 of OroCommerce, OroCRM, and OroPlatform, scheduled for release in 2024. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
OroCRM, a vital component of the OroSuite, is an open-source Customer Relationship Management (CRM) system designed to empower businesses with comprehensive customer insights and relationship management capabilities. OroCRM is specifically designed with a focus on B2B customer relationship management. This means it includes features and tools that cater to the unique needs and complexities of B2B relationships, such as account and management. It seamlessly integrates with OroCommerce, our robust B2B eCommerce platform, to provide a unified solution for managing customer interactions, sales, marketing, and analytics.
Customer Management: OroCRM centralizes customer data, creating a single, 360-degree view of each customer. This consolidated view enables you to understand customer behavior, preferences, and purchasing history, facilitating personalized interactions and improved customer service.
Sales and Marketing Automation With OroCRM, you can automate marketing campaigns, track leads, and manage the entire sales process. It offers tools for lead management, opportunity tracking, and email marketing, making it easier to nurture prospects and convert them into loyal customers.
Data Analytics and Reporting OroCRM provides powerful analytics and reporting tools, allowing you to gain insights into customer behavior, sales performance, and marketing effectiveness. These insights empower data-driven decision-making, helping you refine your eCommerce strategies.
When integrated, OroCRM and OroCommerce can provide several benefits for businesses looking to manage customer relationships and their online sales operations effectively:
Unified Customer View: The integration between OroCRM and OroCommerce creates a seamless flow of customer data between the two systems. This unified customer view ensures that all customer interactions and transactions are recorded and accessible in one place, eliminating data silos and enabling personalized customer experiences.
Targeted Marketing and Sales: OroCRM’s marketing automation capabilities enable you to segment customers based on their behavior and preferences. This segmentation allows for targeted marketing campaigns, leading to higher engagement and conversion rates. Sales teams can leverage these insights to focus their efforts on high-potential leads and opportunities.
Improved Customer Engagement: With OroCRM, you can proactively engage with customers, promptly addressing their needs and concerns. This enhanced customer engagement fosters loyalty, encourages repeat purchases, and drives revenue growth.
Flexible Customization: OroCRM integration allows you to customize workflows, data synchronization, and interactions based on your unique business needs. This flexibility ensures that the integration aligns perfectly with your eCommerce strategy.
Scalability: Both OroCRM and OroCommerce are highly scalable solutions. Whether you are a small business or a large enterprise, the integrated platform can grow with your business, accommodating increased customer data, transactions, and user activity.
Community and Support: OroCRM has an active community of users and developers, which can help troubleshoot issues, share best practices, and access additional resources. Additionally, Oro, Inc. offers professional support for businesses that require dedicated assistance.
OroCRM includes various security measures to protect sensitive customer data and ensure the platform’s overall security. These measures help safeguard against data breaches, unauthorized access, and other security threats. Here are some of the security measures typically implemented in OroCRM:
Authentication and Authorization:
User authentication: OroCRM supports strong authentication mechanisms, including multi-factor authentication (MFA), to ensure only authorized users can access the system.
Role-based access control (RBAC): OroCRM allows administrators to define user roles and permissions, ensuring that users have the appropriate level of access to data and functionality based on their roles.
Data in transit: OroCRM uses secure communication protocols like HTTPS to encrypt data transmitted between the client and the server, ensuring that data is protected during transmission.
Data at rest: Sensitive data stored in the OroCRM database is often encrypted to prevent unauthorized access in case of a breach.
OAuth2 Protocol for API Access: OroCRM employs the OAuth2 protocol, which has become the de facto standard for securely accessing data through the API. OAuth2 provides a standardized and secure way for applications and users to access OroCRM’s API while maintaining strong authentication and authorization controls. It enables the generation of access tokens and refresh tokens, ensuring that only authorized entities can interact with the CRM’s API.
Protection Against CSRF Attacks: OroCRM includes protection mechanisms against CSRF attacks when users change data through the user interface (UI). This protection is achieved by implementing CSRF tokens within forms. These tokens are unique for each user session and must be included with form submissions. When a user submits a form, the server validates the CSRF token to ensure that the request originated from a legitimate and authenticated user session, preventing malicious actions initiated by attackers from other websites.
Data Audit: OroCRM includes data auditing capabilities to record user activities and system events. This audit trail is useful for monitoring and investigating security incidents.
Account Lockout Mechanism: OroCRM incorporates an account lockout mechanism designed to thwart brute force attacks. The system monitors login attempts when an attacker repeatedly attempts to gain unauthorized access by guessing a user’s password. The user’s account is temporarily locked or suspended after a predetermined number of unsuccessful login attempts within a specified timeframe. This proactive approach helps prevent malicious actors from compromising user accounts through brute force attacks.